Latest Update for Malaysian's Credit/Debit Cardholder : CHIP & PIN Concept

Yesterday, I have attended a briefing conducted by the Sutherland Global Services which was organised by the Bank Islam Card Center Department pertaining to the latest future security enhancement for our credit/debit card.

Starting from 1st January 2017, Bank Negara Malaysia will implement Chip & PIN Concept for our Credit/Debit Card user which the concept of Chip & Signature will be no longer in used.What is the Chip & PIN concept?

Its Simple!

Currently, when we used our credit card and swipe the card at the merchant's card terminal, we will get two copies of receipts. One copy for our signature and keep by the merchant for them to claim with Bank. Merchant will give us another copy for our keeping. By introducing this Chip & PIN concept, there is no more signature required. Its mean that, when we want to use our credit card, the terminal will request our card's PIN number for validation and authorize the transaction.

So, are you remember your Credit Card's PIN number? Forgot?So How?

Don't worry, Bank will reissue a new credit card for you together with a new PIN number. This is because, by introducing this concepts, there will be an enhancement requires on our credit card's chip as well as Bank's system need to be upgraded. 

BNM is currently working with all Local and Foreign Banks in Malaysia to find the best mechanism to implement this concept. BNM had appointed Sutherland Global Services as a consultant in migrating this Chip & PIN concept into Malaysian environment. These will affect all credit card service provider such VISA, MASTERCARD, AMEX, JCB etc. 

Why BNM Imposed Chip & PIN? 

The main reason is to mitigate the issue on the fraud/unauthorized transaction of credit card due to lost and stolen. Today, if you lost your card and not realized it and not report to the Bank, your card can be used by anyone. So, by implement this measures, our card cannot be used since its protected with PIN number. Personally, i think this is good move to protect customer interest and to reduce fraud cases.

Currently, most of the European Countries had implemented this concept as a security level. In fact USA also currently planning to implement Chip & PIN as their country is among the highest credit card fraud in the world!

Please take note, this Chip & PIN is applicable to merchant transaction when you swipe your card only. Issuance of Credit card for e-Commerce transaction is still unchanged!

Be Ready! The pilot run run start somewhere in next year.




  

7 Of The Best Futuristic Unmanned Military Aircraft

I found something that interesting in Military Technology related to unmanned Military Aircraft that i want to share with all. Unmanned military aircraft is consider  a new technology in military today. I believe that, this technology will be used by 3 most powerful country in the world!USA, Rusia and China! In fact, today we may be don't know that these 3 countries had already own it!

The strength of the country not rely depending on the number of military asset, weapon and army that owned by the country. In world military today, technology is the most weighted criteria in measuring the strength their military. Technology in military would contribute the asset or weapon to the highest effective and efficient. 

Malaysia in term of Military technology is far behind other. In fact, Singapore and Indonesia is better than us. However, we hope and pray God give the highest protection to our loved country 

Below is a list of 7 Unmanned aircraft that are expected to enter service within the next 10 years. Check it Out!

7. Northrop Grumman X-47B

The aircraft can be remotely controlled by ground operators and has so far cost upwards of $813 million. It is also one of the four competitors for the U.S. Navy’s Unmanned Carrier-Launched Surveillance and Strike System (UCLASS). The winning aircraft is due to be launched in 2019.

6. Northrop Grumman MQ-4C Triton

It looks like a beluga whale but is designed for maritime surveillance, to analyze battle damage and relay communications. It made its first test flight in May 2013 and will be able to cover huge distances because of its 28-hour flight endurance and maximum speeds of 357 mph

5. Boeing Phantom Ray

This aircraft was more or less a secret until May 2009, with only a handful of company executives knowing anything about it. With top speeds of mach 0.85 and a range of 1,500 miles, the aircraft is capable of suppressing air defenses, aerial refueling, surveillance and electronic attack.

4. Northrop Grumman MQ-8C Fire-X

 It is hoped that this aircraft will be ready for action in 2014. It has the honor of being the first unmanned helicopter to land on a moving ship, which was traveling at 17 mph at the time. It will primarily be used for reconnaissance and support, but does come equipped with Griffin missiles, guided rockets and Hellfire missiles.

  

3. Lockheed Martin Sea Ghost

It’s a stealth bomber lookalike, but is capable of strike missions, surveillance and reconnaissance, and able to carry a 1,000-pound weapon. The highly technical aircraft, says Lockheed, can be operated by a single operator and will be able to operate in any environment. It’s due for limited service in 2018.

2. Boeing Phantom Eye

Endurance is the name of the game for this odd-looking surveillance aircraft – it can spend up to four days in the air and reach altitudes of 65,000 feet, rendering it invisible to the naked eye. It’s fueled only by liquid hydrogen, which also makes it a clean aircraft as its only byproduct is water. While it's billed as a surveillance aircraft, the Navy did ask Boeing to fit an unnamed payload onto the demo model.

1. Boeing Insitu RQ-21 Integrator

It looks like a model aircraft and is launched by pneumatic slingshot, which means it can be deployed without the need for runways or aircraft carriers. It will primarily be used as a scout aircraft that will be linked to other unmanned aircraft. Currently in small initial production, the aircraft is expected to move into full production shortly.


(Source : http://www.ibtimes.com/7-best-futuristic-unmanned-military-aircraft-1503984)

Ranking of World Military Strength

One of the measure of national security level of the country is the Strength and Technology used in their Military. Today, most of the country were equipped with the latest technology in Military especially big country such USA, Russia and China. 

They are try to beat each other to ensure that their military equipment were better than other country and their national security put at higher level. That why, we can see that, those country willing to spent their money to buy a latest weapon technology to protect their country. For instances, USA were reported have budgeted USD 612,500,000 Billion in 2013 for their military (Source: GlobalFirePower.com)

In measuring the strength of World Military power, Global Firepower (GFP) provides a unique analytical display of data concerning of each country. The GFP Ranking is based on their analysis and come out with the  "Power Index" (PwIndx) which supplies a nation its respective ranking. 

For 2014, the Top 5 Ranking Country and their budget spending for military as below:

Source:www.globalfirepower.com

As expected, the the top 3 were dominated by the most powerful country in the world today i.e. USA, Rusia and China. These countries were also dominated the Top 5 Largest expoprter of the weapon in the world which USA & China were ranked 1 and 2 respectively (Source: www.therichest.com). 

It also noted that, in 2013 the USA exported about 27% of their weapon to middle east country. So, who actually the man behind arab spring which now we can see in Syria, Egypt, Yemen, Iraq etc.were under conflict. World today already know that!  

However, unexpectedly, India were ranked in 4th which indicate that their military readiness.India were also among the highest country that allocate the big amount of fund to improve their military strenght

In the context of Malaysia we also prepared ourselves to strengthen the our military equipment. Budget for 2015 announced by our Prime Minister has allocated RM17.7 Billion for our defence compared to RM16.10 billion n 2013. It indicate that, the government taken seriously on the issue of defence after several incident happen for the last one year. For instance, issue on the Lahad Datu, Sabah being invaded by the Royal Sulu Army and the latest issue on MH370 which triggered that our national security at stake. Issue of missing aircraft MH370 was also speculated due to military technology war between 3 big big Country.

The snapshot below shows to us the 2014 GFP comparison between Malaysia and Singapore.

Source : www.globalpower.com

Based on the GFP ranking, Malaysia is slightly better than Singapore which ranked at 44 compared to Malaysia Ranked at 38. However, if we based on the Military readiness in term of people and weapons, we can see that Singapore is much better than us. For instances, Singapore's tank and AFV in term of number is much better than Malaysia. In fact,everyone know that Singapore is  close trade partner as well as military partner to USA in ASEAN Region. 

Malaysia in last 10 year had spent quite big amount of money to improve military asset in protecting our company. However, the question here is;

 "Did our Armed Forces purchase the right equipment, weapons and weapons systems in the first place? For instances, our two scorpion submarine were fully operating? Some were also bring the issue that our Jet Fighter i.e. Sukhoi and  MIG is it the same type and specification used by other country like India, Rusia and Ukraine? 

I' m not in the position to comment further on this. But this must be taken into consideration to improve our military strength

Source : www.globalpower.com

Money Laundering

According to the 2013 Global Financial Integrity Report of Washington, Malaysia stands at No.5 in the world with an illicit funds outflow of USD 291 billion. Despite China being the leader in this list, Malaysia beats China and wins the top spot in money laundering per capita, recording RM 6,400 per person per year. In the world of money laundering, international reputation of Malaysia is degrading with time and has already fallen below that of Thailand or Indonesia. (Source: Global Financial Integrity Report)

What is Money Laundering

Money Laundering is the process by which money coming from Source X (illegal/Black Money) is made to look as it’s coming from Source Y (legal/clean Money). Bank Negara Malaysia (BNM) defined Money Laundering as: 

"A process of converting cash/property, which is derived from unlawful activities, to give it the appearance of having been obtained from a “legitimate source”.

Money Laundering Process

Involved 3 process described as diagram below:

Source:www.kcymap.com

Collection from the illegal money/Black Money will be placed at Financial Institution. Under layering activities, this money will be transfer between offshore/onshore Bank. Once completed the layering process, to ensure the money look like legitimate, the money will be used as and investment such buying the luxury assets, investment into legal commercial activities etc.

High Risk Customer 

In combating the Money laundering activities, BNM has identified the High Risk Customer which all Bank must more careful in dealing with them. 

1.    Political Exposed Person (PEP). Foreign individuals who are or have previously been assigned prominent public functions in a particular country (e.g. member of royal families, senior political figure, religious figure, key non executive individual)

2.    Member of Cabinet & Local Politician

3.    Money Changer

4.    Legal Firm

5.    Offshore Entities

6.    Individual/entities from high risk jurisdiction country listed by FAFF & UNSCR i.e.  Iran, Democratic People of Korea, Algeria, Ethiopia, Indonesia, Kenya, Myanmar, Pakistan, Syria, Tanzania, Turkey, Yemen & Ecuador.

7.    High Network Individual

How Bank Detect the Suspected Money Laundering Activities

Today, there are numbers of system available in the market designed specifically to detect the suspected Money Laundering Transaction. One of the system called Coral Intelligent Sensor For Money Laundering (Coral ISEM) designed by TESS International, one of the System provider in Banking Industry globally.

Function of the System

1. Monitor customer’s transaction and perform behavioral Analysis or pattern to detect any deviation

2. Screening of new customer

3. Dashboard reporting for Compliance Team & Management  

 How the System Work

Source: Functional Specification, Bank Islam Anti Money Laundering (AML)System

Data were extracted of data from source systems like Core Banking System (CBS) as an input to the Coral ISEM system. In addition the data were extracted from LexisNexis database as a for watchlist filtering. LexisNexis is the Risk Solution Company which provides the worldwide comprehensive database for people who are under high risk customer and Watchlist criteria. All the data extracted will be processed at the staging database and transformed into the AML system required data input templates and loaded into the respective tables for Watchlist and transaction filtering purpose.

Once the processing is done, the alerts and the relevant information from the staging database will then be transferred across to the production application database where the users can access the system 

Source:

•   Bank Negara Malaysia 2013, Revised Guidelines. Anti-Money Laundering and Anti-Terrorism Financing      Act Sep 2013
•   Functional Specification, Bank Islam Anti Money Laundering (AML)System, September 2014.

ATM Malware Attack : Lesson That Never Learn by Malaysian Bank

Automatic Teller Machine (ATM) is one of the channel service provided by the Bank to their Customer in the Modern Banking era. For customer, ATMs will provide convenience to them in their Banking Transaction. Today, ATM not only for cash dispense, but other service were also provided by the Bank such bill payment, transfer money, buy prepaid etc .However, for the Robber and Hackers, ATMs machine is one of the valuable target. This is due to lot of money available in the ATM. Money inside the ATMs machine is vary depend on the Bank's Policies and type of Machine. In average, one Machine normally loaded with RM300,000 to RM600,00.00

ATMs were equipped with the security features such local alarm. Central Monitoring System (CMS) as an alert to trigger any attempted robbery and CCTV for recording. However, this is for physical security of ATM only. In fact, the ATM robbery cases still happened.  

Lately, we can read in the newpaper quite number the ATM been robbed. Previously“Oxy Gang”,is one of the common tactic used by robber in Malaysia. They using oxy-acetylene blow torch to open the machine’s cash compartment. The latest robbery incident was happened in September 2014. The STAR reported that Hacker form Latin American gang exploited flaws in the authentication process to hack into at least 14 ATM in Selangor, Johor and Malacca and got away with almost RM3mil."(The Star, 30 September 2014)

Based on the investigation, Bukit Aman Commercial Crime Investigation Department chief Comm Datuk Mortadza Nazarene told Bernama that the suspects used a computer malware known as “ulssm.exe” to hack into the ATMs.“The suspects were found to have opened the top panel of the machine without using a key and inserted a compact disc into the machine’s processing centre which caused the ATM’s system to reboot. He said they then used a keyboard to hack into the system and take out money. According to him, information obtained from the systems engineer of a bank indicated that up to 40 notes could be taken out in a single transaction using the method (The Star 30 September 2014)

Source:www.malaysianinsider.com

So why i said that Malaysian Bank never Learn  to protect their ATM from  Malware Attack? There are are Three Red Flag that supposedly triggered all the Banking Institution to take precaution in protecting their ATM .

1.  The Similar Modus Operandi were happened in other Country

This is not the first time a Malware attack used to steal money from banking institution. Similar case have also been reported in other countries. It was reported that the first incident were happened in 2009. In 2010, computer security experts the ATM machines can be hacked to spit money, using hardware kit that cost less than US$100 to make. And the ATM’s motherboard is only protected by a door, of which you can buy the “universal key” online (*grin*). You can then used a USB port on the motherboard to upload your own software (stored in your USB stick), which changed the device’s display, played a tune, and made the machine spit out money.

According to Kaspersky Lab, David Emm the criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command.

There's are also another famous malware used i.e. 'Trojan Horse' which was discovered in 2013 to hack ATMs in Mexico. Amazing, this malware allowed hackers to simply send and SMS to the compromised ATM. Below diagram shows how the modus operandi work:

Source : www.financetwitter.com

• Connect a mobile phone to the machine with a USB cable and install Ploutus Trojan.
• Sends two SMS messages to the mobile phone inside the ATM.
• Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
•   Network packet monitor (NPM) module coded in the trojan receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
• Amount for Cash withdrawal is pre-configured inside the trojan horse itself.

       

2. Microsoft Stopped Support the Window XP Operating System

Most of the ATM at Malaysian Bank used a Window XP Operating System. On 8th April 2014, microsoft had announced that they are no longer the operating system of window XP. In other word, even if the ATM Trojan Horse was discovered one day after the end-of-support date, Microsoft will not release any security patches to plug the threat, period. This should be a red flag to the Bank to do something to ensure their security level is not compromise.

3. Easy Access to top Panel of ATM Machine.

As mention earlier, the previous incident in other country, the Malware or Virus Trojan put into the ATM through Top Panel of ATM machine to get access to the mother Board. Currently, most of our ATM are very easy to remove the top panel. This is the gaps that our Malaysian Bank and Vendor to the ATM machine were not realized on the risk. Most of the ATM only protect the compartment that contain a money which high security level. But they they forgot that the ATM system inside the machine can easily access without any security level put in place.

Source : http://www.financetwitter.com/2014/09/here-is-how-malaysian-atms-were-hacked-of-rm3-million-by-latin-ameericans.html

m-Commerce: Banking at Your Finger Tip!

Mobile Banking is one of the m-commerce platform that allowed user to transact the banking transaction at anytime and anywhere. Most of the Banking today has offered the Mobile services as one of the channel for customer convenience.

Bank Islam is the first Bank in Malaysia offering TAP Mobile Banking-i which is officially launched on 20 October 2010. TAP mean 'Transaction at Palm'. This mobile Banking application use "mPOD chip" technology to display banking menu on user's phone mobile. This' mPOD technology was patented from Taiwan.

The features of Bank Islam Mobile Tap :

a. NO Internet access required. It mean that, the application used the TELCO line i.e. CELCOM, DIGI, MAXIS etc. Other bank used Web based application which the access is through Internet connection.

b. No downloading of software required. Using plug & play aaproach

c. Not limited to specific phone model. Any model of phone can be connected.

d. Save and secured. TAP used technology "Triple Des Encryption". This is the highest security level for SMS technology whereby the data sent to Telco were changed to unknown character.

Source : www.bankislam.com.my

Among other Services Provided were:

1. Balance Inquiry

2. Fund Transfer

3. Bill Payment

4. Bank Islam Financing Inquiry & Payment
5. Prepaid Topup
6. Cheque Management

So, with TAP you NO need to go to Branches! NO Need to pay a parking Fees, NO need to Wait. The most important is TAP is secured, Cost and Time Saving, Cashless and Paperless!

With TAP Mobile Banking Bank Islam, it will made your Banking Transaction at Your Finger Tip!

Source : www.bankislam.com.my.